optional arguments:
  -h, --help            show this help message and exit
  -f path               File to process (hash line by line OR csv with hash in
                        each line - auto-detects position and comment)
  -c cache-db           Name of the cache database file (default:
                        vt-hash-db.pkl)
  -i ini-file           Name of the ini file that holds the API keys
  -s sample-folder      Folder with samples to process
  --comment             Posts a comment for the analysed hash which contains
                        the comment from the log line
  -p vt-comment-prefix  Virustotal comment prefix
  --download            Enables Sample Download from Hybrid Analysis. SHA256
                        of sample needed.
  -d download_path      Output Path for Sample Download from Hybrid Analysis.
                        Folder must exist
  --nocache             Do not use cache database file
  --intense             Do use PhantomJS to parse the permalink (used to
                        extract user comments on samples)
  --retroverify         Check only 40 entries with the same comment and
                        therest at the end of the run (retrohunt verification)
  -r num-results        Number of results to take as verification
  --nocsv               Do not write a CSV with the results
  --verifycert          Verify SSL/TLS certificates
  --sort                Sort the input lines (useful for VT retrohunt results)
  --debug               Debug output
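
The `-f` option above accepts plain hash lists as well as CSV or log lines with the hash in any column. The following is an added example, not the tool's own code, of one way to do that extraction with regular expressions; the function name, the delimiter handling and the sample lines are assumptions made for illustration.

```python
import re

# Hex runs of exactly 32, 40 or 64 characters. The lookarounds stop a SHA256
# from also matching as an MD5/SHA1 substring and reject other hex lengths.
HASH_RE = re.compile(
    r"(?<![0-9a-fA-F])([0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})(?![0-9a-fA-F])"
)
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample input; the digests are the well-known hashes of empty input.
SAMPLE = [
    "# comment line, ignored",
    "d41d8cd98f00b204e9800998ecf8427e",
    "2024-01-01;E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855;retrohunt rule A",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709,dropper seen on host-1",
    "d41d8cd98f00b204e9800998ecf8427e duplicate entry",
    "not-a-hash: " + "a" * 50,
]


def extract_hashes(lines):
    """Return one (hash, type, comment) tuple per unique hash, in input order."""
    seen = set()
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Whatever remains on the line once the hashes are removed is kept as
        # the comment, so the hash column does not need to be known in advance.
        rest = HASH_RE.sub(" ", line).replace(";", " ").replace(",", " ")
        comment = " ".join(rest.split())
        for match in HASH_RE.finditer(line):
            value = match.group(1).lower()  # normalise case before deduplicating
            if value not in seen:
                seen.add(value)
                results.append((value, HASH_TYPES[len(value)], comment))
    return results


if __name__ == "__main__":
    for value, kind, comment in extract_hashes(SAMPLE):
        print(f"{kind:6} {value} {comment}")
```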

Features

MODE A: Extracts hashes from any text file based on regular expressions